package top.conangao.system.config;

import lombok.extern.slf4j.Slf4j;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import top.conangao.common.security.util.SecurityUtils;

/**
 * @author 28724
 * @description
 * @since 2024/4/14 18:33
 **/
@Configuration
@Slf4j
public class SecurityConfig {
    @Bean
    @Order(Ordered.HIGHEST_PRECEDENCE + 1000)
    public SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(request-> request.requestMatchers("/swagger-ui.html","/swagger-ui/**","/v3/api" +
                    "-docs/**","/tenant/list").permitAll().anyRequest().authenticated())
            .oauth2ResourceServer(server ->server
                    .opaqueToken(Customizer.withDefaults())
                    .accessDeniedHandler(SecurityUtils::exceptionHandler)
                    .authenticationEntryPoint(SecurityUtils::exceptionHandler));
        DefaultSecurityFilterChain build = http.build();
        log.info("==========加载System模块WebSevlet安全过滤器链成功==========");
        return build;
    }
}
